Ask Your Question
0

I can't capture 802.11 on wireshark

asked 2019-08-30 03:05:06 +0000

yukariM gravatar image

updated 2019-09-06 13:03:24 +0000

cmaynard gravatar image

Please tell me why I can't capture.

I checked both Monitor Mode and Promiscuous.

By the way,I could not get capturing even the following command. sudo dumpcap -I -i en0

  • Use PC Mac Mojave ver.10.14.6(18G95)
  • WIRESHARK version 3.0.3
edit retag flag offensive close merge delete

Comments

What do you mean by "can't capture"? Do you mean that you get an error using dumpcap, or that you don't get an error but no packets are captured, or what?

And, again, what happens with sudo tcpdump -I -i en0?

Guy Harris gravatar imageGuy Harris ( 2019-09-06 17:18:14 +0000 )edit

Thank you for your comment!

The latter is correct,I don't get an error but no packets are captured.

When I run sudo tcpdump -I -i en0 -vv, The following is displayed on the terminal.

tcpdump: listening on en0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 262144 bytes

after 10 minutes I runed sudo tcpdump -I -i en0 -vv,I press control-C,I get the following results.

0 packets captured

0 packets received by filter

0 packets dropped by kernel

yukariM gravatar imageyukariM ( 2019-09-09 01:27:45 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2019-08-30 07:51:03 +0000

Guy Harris gravatar image

If tcpdump can't capture it, that's a macOS issue, not a Wireshark issue. Please report a bug to Apple.

edit flag offensive delete link more

Comments

Thank you for your answer! After all it is so…

However, when I inquired Apple, operations on the terminal and other applications were not subject to inquiry.

yukariM gravatar imageyukariM ( 2019-08-30 10:10:42 +0000 )edit

It's unclear to me if you actually tried capturing with tcpdump or not? The question only indicates that dumpcap was tried, not tcpdump.

cmaynard gravatar imagecmaynard ( 2019-09-06 13:02:22 +0000 )edit

Thank you for your comment!

When I run sudo tcpdump -i en0 -I -vv,I get the following results.

tcpdump: listening on en0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 262144 bytes

--after five minutes--

^C

0 packets captured

0 packets received by filter

0 packets dropped by kernel

yukariM gravatar imageyukariM ( 2019-09-09 01:39:35 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-08-30 03:05:06 +0000

Seen: 708 times

Last updated: Sep 06 '19